Update install-gke-autopilot.adoc #753

Status: Open. Wants to merge 1 commit into base: main.
Expand Up @@ -4,11 +4,11 @@
== Google Kubernetes Engine (GKE) Autopilot

You can now install the Prisma Cloud DaemonSet Defender on your GKE *Autopilot* cluster.
GKE Autopilot clusters are using https://cloud.google.com/kubernetes-engine/docs/concepts/using-containerd[*cos_containerd*] nodes, therefore the DaemonSet must be configured with *CRI runtime*.
GKE Autopilot clusters are using https://cloud.google.com/kubernetes-engine/docs/concepts/using-containerd[*cos_containerd*] nodes, therefore the DaemonSet must be configured with *Containerd runtime*.
Defenders deployed on GKE Autopilot clusters only support the official twistlock registry. You can't use a custom registry.

[.procedure]
. Review the prerequisites and the procedure in the *Google Kubernetes Engine (GKE)* and the *Install Prisma Cloud on a CRI (non-Docker) cluster* sections.
. Review the prerequisites and the procedure in the *Google Kubernetes Engine (GKE)* and the *Install Prisma Cloud on a Containerd (non-Docker) cluster* sections.

. Use the following twistcli command to generate the YAML file for the GKE Autopilot deployment.
+
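Review bot: the cross-reference on the changed line, "*Install Prisma Cloud on a Containerd (non-Docker) cluster*", points at a section title that this PR does not change elsewhere; confirm that a section with exactly that title exists (or is renamed in the same change), otherwise the reference goes stale. Two smaller points on the same hunk: the project name is conventionally lowercase, so "*Containerd runtime*" would better read "*containerd runtime*" to match the `cos_containerd` link text beside it, and "GKE Autopilot clusters are using ... nodes, therefore" reads more naturally as "GKE Autopilot clusters use ... nodes, so".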
Expand All @@ -17,7 +17,7 @@ ifdef::prisma_cloud[]
----
$ <PLATFORM>/twistcli defender export kubernetes \
--gke-autopilot \
--container-runtime crio \
--container-runtime containerd \
--cluster-address <console address> \
--address https://<console address>:443
----
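Review bot: `--container-runtime containerd` replaces `crio` here, but nothing else on the page shows `containerd` as an accepted value for that flag; verify it against the twistcli help output before merging, since a rejected value would make the documented command fail on the first step. The compute_edition block below makes the same substitution with only the port differing (443 here, 8083 there), which is consistent.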
Expand All @@ -27,17 +27,17 @@ ifdef::compute_edition[]
----
$ <PLATFORM>/twistcli defender export kubernetes \
--gke-autopilot \
--container-runtime crio \
--container-runtime containerd \
--cluster-address <console address> \
--address https://<console address>:8083
----
endif::compute_edition[]
+
The `--gke autopilot flag adds the 'autopilot.gke.io/no-connect: "true"`' annotation to the YAML file and `--container-runtime crio` flag enables the CRI option for nodes that use the Container Runtime Interface (CRI), not Docker. It also removes the '/var/lib/containers' mount from the generated file as that configuration is not required for the GKE autopilot deployment.
The `--gke autopilot flag adds the 'autopilot.gke.io/no-connect: "true"`' annotation to the YAML file and `--container-runtime containerd` flag enables the Containerd option for nodes that use the Containerd runtime, not Docker. It also removes the '/var/lib/containers' mount from the generated file as that configuration is not required for the GKE autopilot deployment.
+
[NOTE]
====
If you are using the web interface, on *Manage > Defenders > Defenders: Deployed > Manual deploy* ensure that the *orchestrator type* is *Kubernetes*, select the *Container Runtime type* as *CRI-O*, and enable *GKE Autopilot deployment*.
If you are using the web interface, on *Manage > Defenders > Defenders: Deployed > Manual deploy* ensure that the *orchestrator type* is *Kubernetes*, select the *Container Runtime type* as *Containerd*, and enable *GKE Autopilot deployment*.
====

. Create the *twistlock* namespace on your cluster by running the following command:
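Review bot: the explanatory sentence keeps the broken inline code spans of the old line: the backtick opened before `--gke autopilot` is not closed until after `"true"`, and the flag is written with a space while the commands above use `--gke-autopilot`. Since this line is edited anyway, suggest: The `--gke-autopilot` flag adds the `autopilot.gke.io/no-connect: "true"` annotation to the YAML file and the `--container-runtime containerd` flag enables the containerd option for nodes that use the containerd runtime, not Docker. Separately, the clause about removing the `/var/lib/containers` mount was carried over unchanged from the CRI-O wording; confirm the generated YAML still behaves that way with `--container-runtime containerd`, and confirm that the web-interface *Container Runtime type* option in the NOTE is labelled exactly *Containerd* in the console.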